Security by Sector: Insecure Data Sharing Practices Putting Educational Orgs at Risk

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?

Research from cybersecurity vendor Netwrix has revealed that many organizations in the education sector are at risk of data security incidents because of weak data sharing security controls, and that the recent move to distance and remote learning as a result of COVID-19 social distancing is increasing those risks.

Carrying out research for its 2020 Netwrix Data Risk & Security Report, the firm discovered that 82% of educational organizations don’t track data sharing at all or do it manually, whilst employees at more than half of companies in the education sector use cloud applications to share sensitive data outside of IT control and knowledge – the highest percentage among all verticals surveyed by Netwrix.

What’s more, 63% of educational organizations don’t review permissions regularly and 24% of system administrators admitted to granting direct access rights upon user request. In fact, 28% of educational organizations surveyed had data outside of secure locations, which is the highest number of all industries polled. This data was left exposed for days (40%) or months (33%).

“Distance learning creates many challenges for educational organizations, and cybersecurity is often taking a back seat to operational resilience. The Netwrix survey shows that security processes were not ideal before the pandemic, leaving these institutions even more vulnerable to the growing number of cyber-threats today,” said Steve Dickson, CEO at Netwrix.

To ensure these institutions can secure their student and employee data, IT professionals need to get back to basics, he added.

“First, they need to understand what sensitive data they have, and classify it by its level of sensitivity and value to the organization. Second, they need to ensure that the data is stored securely, prioritizing the most important data. Last, they need to adopt healthy security practices for granting permissions in order to avoid data overexposure.”
